
CVE-2023-52970: MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0....

CVSS Score (v3.1): 4.9

Basic Information

EPSS Score: 0.2886%
Published: 3/9/2025
Updated: 3/9/2025
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Root Cause Analysis

The primary evidence comes from the Jira issue MDEV-32086, which is directly linked to CVE-2023-52970. That issue includes a stack trace from the crash that explicitly names Item_direct_view_ref::derived_field_transformer_for_where as the point of failure, and the vulnerability description names the same function. The MariaDB release notes confirm the fix for MDEV-32086. Although direct commit information was not available through the tools used, the Jira issue provides strong evidence for the vulnerable function.
